Merge "pki: conditional enablement of signing section"
commit
eaee5d4970
|
@ -247,13 +247,19 @@ class KeystoneContext(context.OSContextGenerator):
|
|||
log("Enabling PKI", level=DEBUG)
|
||||
ctxt['token_provider'] = 'pki'
|
||||
|
||||
ensure_pki_cert_paths()
|
||||
certs = os.path.join(PKI_CERTS_DIR, 'certs')
|
||||
privates = os.path.join(PKI_CERTS_DIR, 'privates')
|
||||
ctxt.update({'certfile': os.path.join(certs, 'signing_cert.pem'),
|
||||
'keyfile': os.path.join(privates, 'signing_key.pem'),
|
||||
'ca_certs': os.path.join(certs, 'ca.pem'),
|
||||
'ca_key': os.path.join(certs, 'ca_key.pem')})
|
||||
# NOTE(jamespage): Only check PKI configuration if the PKI
|
||||
# token format is in use, which has been
|
||||
# removed as of OpenStack Ocata.
|
||||
ensure_pki_cert_paths()
|
||||
certs = os.path.join(PKI_CERTS_DIR, 'certs')
|
||||
privates = os.path.join(PKI_CERTS_DIR, 'privates')
|
||||
ctxt['enable_signing'] = True
|
||||
ctxt.update({'certfile': os.path.join(certs, 'signing_cert.pem'),
|
||||
'keyfile': os.path.join(privates, 'signing_key.pem'),
|
||||
'ca_certs': os.path.join(certs, 'ca.pem'),
|
||||
'ca_key': os.path.join(certs, 'ca_key.pem')})
|
||||
else:
|
||||
ctxt['enable_signing'] = False
|
||||
|
||||
# Base endpoint URL's which are used in keystone responses
|
||||
# to unauthenticated requests to redirect clients to the
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{% if enable_signing -%}
|
||||
[signing]
|
||||
{% if certfile -%}
|
||||
certfile = {{ certfile }}
|
||||
|
@ -10,4 +11,5 @@ ca_certs = {{ ca_certs }}
|
|||
{% endif -%}
|
||||
{% if ca_key -%}
|
||||
ca_key = {{ ca_key }}
|
||||
{% endif -%}
|
||||
{% endif -%}
|
||||
{% endif -%}
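Review bot: The new outer `{% if enable_signing -%}` carries no comment explaining why `[signing]` may be absent, so someone reading the template alone cannot tell that the section is tied to the PKI token provider. A one-line Jinja comment above it, such as `{# [signing] is rendered only when the PKI token provider is enabled #}`, would record that. With Jinja's default undefined handling, a context that never sets `enable_signing` would drop the whole section silently. The Python hunk in this commit sets the key in both branches, so this only matters if some other code path renders the template. The lines between the two template hunks are outside the view.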
|